Malware Analysis Report

2024-10-19 11:11

Sample ID: 240124-vgsenaeaap
Target: 14313506314.zip
SHA256: 15476af14f9d7dc20ac3a9e28b4998c179ce5e35b94fb2f1c621e2c0c5cfe01c
Tags: pdf, link, javascript
Score: 6/10


Analysis Overview

Score: 6/10

SHA256: 15476af14f9d7dc20ac3a9e28b4998c179ce5e35b94fb2f1c621e2c0c5cfe01c

Threat Level: Shows suspicious behavior

The file 14313506314.zip was found to show suspicious behavior.

Malicious Activity Summary

Tags: pdf, link, javascript

PDF contains JavaScript

One or more HTTP URLs in PDF identified

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-01-24 16:58

Signatures

PDF contains JavaScript (tags: pdf, javascript)

One or more HTTP URLs in PDF identified (tags: pdf, link)

Analysis: behavioral1

Detonation Overview

Submitted: 2024-01-24 16:58

Reported: 2024-01-24 17:00

Platform: win7-20231215-en

Max time kernel: 122s

Max time network: 126s

Command Line

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\9ac3bb7cf71d366dbbbe231822f3785034009b94e742dadb80ef33984bf2e07a.pdf"

Signatures

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A

Processes

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\9ac3bb7cf71d366dbbbe231822f3785034009b94e742dadb80ef33984bf2e07a.pdf"

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-01-24 16:58

Reported: 2024-01-24 17:00

Platform: win10v2004-20231215-en

Max time kernel: 91s

Max time network: 155s

Command Line

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\9ac3bb7cf71d366dbbbe231822f3785034009b94e742dadb80ef33984bf2e07a.pdf"

Signatures

Checks processor information in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A

Processes

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\9ac3bb7cf71d366dbbbe231822f3785034009b94e742dadb80ef33984bf2e07a.pdf"

Network


Files

N/A